MiSec Southfield Meetup September 2015

September is the quarterly OWASP Detroit meeting. Shaun Bertrand will be presenting: Penetration Testing: Mastering Time & Space.

Most of us don’t have an infinite amount of time to hack an organization. We’re ethical penetration testers bound by the rules and duration defined in a scope of work between us and our clients. As such, effective time management is crucial if you plan on being successful. Shaun Bertrand will walk us through the techniques and strategies that have proven to be beneficial during his 13 years in the field of performing assessments in the Fortune 500 space. Learn what to focus on, what not to focus on, and review some scripts and tools that have been instrumental in identifying “big bang” attack vectors. Both beginners and experts alike will take something from this presentation that they can actively use and prosper from.

Thursday, September 10th, at 7 pm
300 Galleria Officentre, Suite 103
Southfield, MI 48034

MiSec Jackson Meetup August 2015

Wolfgang Goerlich (@jwgoerlich) will be presenting: PCI and New Ways to Steal.

Emerging payment systems means new opportunities to make old mistakes. Apple Pay and Google Wallet has taken us cardless and wireless. Starbucks invented its own espresso-driven gift cards. Bluetooth payment beacons are taking us cashierless. Yet amid the encryption and tokenization and PCI DSS compliance, somehow, criminals still manage to eke out a living defrauding consumers. (And by eke, we mean the estimated $3 trillion dollar cybercrime industry.) This talk will review several emerging payment systems and describe the fraud and the flaws. With that as a framework, we will propose first principles for securely designing new systems and sidestepping the same old mistakes.

Tuesday, August 11th, at 7 pm
Consumers Energy
One Energy Plaza`
Jackson, MI 49201

Please use the Francis Street parking deck.

MiSec Southfield Meetup August 2015

Keith Dixon (@Tazdrumm3r) will be presenting: Malware analysis – What can be learned from spam.

Malware is a constant and evolving threat to the point AV vendors can barely keep up. Instead of giving in to the FUD, we need to dive in with both feet. This presentation will walk through a phishing email scenario into how to monitor for such activities on your network and some tools and methodologies to use.

Thursday, August 13th, at 7 pm
300 Galleria Officentre, Suite 103
Southfield, MI 48034

MiSec Jackson Meetup June 2015

Matt France is presenting Network Security Fundamentals – The Low Hanging Fruit on June 9th at 7pm.

Abstract: Network security is a topic that’s been beaten to death and has been around since the dawn of most of our careers as infosec professionals. What I am here to do is examine the modern day approach to network security and provide suggestions to both the seasoned network veterans and mom-and-pop shop network admins alike. Many simple steps can be taken to increase the likelihood of preventing (or at least slowing) an attack, detecting the attack, forensically examining the attack, and finally remediating. There are a ton of high-value, low-cost features in modern networking equipment that change the dynamic of old attack vectors like MitM attacks. From protecting your clients, to segmenting your servers this talk has it all.

Bio: Matt is a Network Security Engineer employed by Consumers Energy, with a Bachelor’s degree in Computer Science and Engineering from Michigan State University. He has a strong background in deep packet analysis, IP protocols, network forensics and familiarity with many programming languages. Matt has a passion for computer hardware, an appreciation for all things fast and powerful, computer hardware or otherwise. His hobbies are a reflection of that appreciation and as a result he enjoy fast cars, offroad vehicles (He’s a sucker Jeeps or Tacomas) and a hobbyist level of experience at building GPU based password cracking systems. He holds several certifications that reflect his experience, including a GIAC GPEN, GISP, GCIA and ISC^2 CISSP.

Location:
Consumers Energy
One Energy Plaza
Jackson, MI 49201

MiSec Southfield Meetup May 2015

Steven Fox is presenting a recap of the RSA Conference. Afterwards, J Wolfgang Goerlich is presenting Lifecycle Management. The meeting is at 7 pm on Thursday, May 14th.

The adoption of Cloud technologies elevates the role of security leadership while elevating the threat to our technology. Cloud allowed us to step away from infrastructure tasks and freed us to focus on strategic activities; applying security controls to the lifecycle rather to the individual equipment. Using Cloud services as an example, this session provides guidance on advancing our security posture, building our security culture, and increasing our influence with stakeholders. We will walk through the entire lifecycle: building the business case, shaping the deployment project plan, executing, shifting into operations, and finally retiring the Cloud service. At each stage, we will share guidance on incorporating security activities and integrating the new service with existing security programs. The resulting lifecycle will take advantage of our new role to better protect our technology.

Location:
300 Galleria Officentre, Suite 103
Southfield, MI 48034

MiSec Jackson Meetup May 2015

Chris Maddalena is presenting Clear as FUD, at 7 pm on Tuesday May 12th.

Our technology is becoming easier to use and friendlier towards users who would struggle to use a PC. This is a wonderful change that has opened up new possibilities for them to learn, connect, and explore by making is simpler for them to browse the web and use email and social media. The downside is they don’t fully understand the technology and this makes them easy marks for scammers. They see only half of the picture, gathered from news reports and bite-sized explanations they’ve read or heard. This affects not only regular people, but our lawmakers and politicians, too. This lack of understanding has the potential to cause lasting harm by creating misinformation, negative views of those who identify as hackers, and a fear of the internet. We can help by doing what we do every day: talking about it.

We’ll discuss examples of how a lack of understanding has hurt different people and groups, how we got to this point, and how we can do some little things that will make a big difference.

Location:
Consumers Energy
One Energy Plaza
Jackson, MI 49201

MiSec Jackson April 2015 Meetup

Jim Beechey (@jim_beechey) will be speaking on “Communicating Up The Stack: Layers 8, 9 and beyond” at 7pm on April 14th.

Abstract: “Genius is the ability to put into effect what is on your mind” F. Scott Fitzgerald.  Our industry, Information Security, is filled with brilliant people.  However, one of our biggest challenges is our ability to communicate properly within our organizations.  This talk is aimed at technical professionals and will provide concrete examples for rapidly improving communication up the chain of command with the goal of having more impact on your organizations security posture.

Location:
Consumers Energy
One Energy Plaza
Jackson, MI 49201

Please use the parking structure off of the Francis Street.
one-energy

MiSec Jackson Social Night – March 2015

Come join some of the MiSec Jackson crew as we take over a few tables at the Night Light on March 31st at 6pm.

Hang out, talk tech, random ideas and enjoy some food and drinks. (Pay your own way.).

Location:
Night Light
145 W Pearl St
Jackson, MI 49201

Ping Kyle Andrus (@chaoticflaws) or Matt Johnson (@mwjcomputing) for more information.

MiSec Southfield Meetup March 2015

Nerdy Beardo will be presenting “Defense in Depth with AOP” for our quarterly OWASP Detroit meeting.

Web application security has never been harder. Our adversary is cunning and clever, and with software becoming more and more complex its harder than ever to ensure security. This presentation is about using Aspect Oriented Programming to help organize our code in a way that makes implementing security practices easier, centrally maintained and helps to bring security to the forefront of the software development process. Our aim is to slow or stop our attackers on multiple levels using AOP as our mechanism for achieving this. Code for this talk will be in C# with PostSharp however the concepts can be applied to virtually any programming language or AOP tool.

Thursday, March 12th, 7 pm
300 Galleria Officentre, Suite 103
Southfield, MI 48034

MiSec Jackson March 2015 Meetup

Steve Motts (@Fugawi72) is presenting “Excuse me while I BURP” at 7pm on March 10th.

While it is customary in some societies to excuse yourself when expelling a gaseous mixture, sometimes burping has its advantages and needs no apology. This talk will introduce Burp Suite (interception proxy) and how it can help to expel technical web flaws (non-gaseous). It will contain an overview of the tool and demonstrate some key features against sample vulnerable web applications.

 

NOTE: We are at a new location starting in March. We would like to thank Spring Arbor University for helping get MiSec Jackson off the ground. 

Location:
Consumers Energy
One Energy Plaza
Jackson, MI 49201

Please use the parking structure off of the Francis Street.
one-energy

Return top

About MichSec.org

We are a collective of Michigan based information security professionals (or maybe just people interested in security) looking to share knowledge and make the world a safer place.